CWE-467 - Use of sizeof() on a Pointer Type
- Abstraction:Variant
- Structure:Simple
- Status:Draft
- Release Date:2006-07-19
- Latest Modification Date:2024-11-19
Weakness Name
Use of sizeof() on a Pointer Type
Description
The code calls sizeof() on a pointer type, which can be an incorrect calculation if the programmer intended to determine the size of the data that is being pointed to.
The use of sizeof() on a pointer can sometimes generate useful information. An obvious case is to find out the wordsize on a platform. More often than not, the appearance of sizeof(pointer) indicates a bug.
Common Consequences
Scope: Integrity, Confidentiality
Impact: Modify Memory, Read Memory
Notes: This error can often cause one to allocate a buffer that is much smaller than what is needed, leading to resultant weaknesses such as buffer overflows.